Create EC2 instance with NitroTPM Enabled
0
Hi, want to create an ec2 instance with nitroTPM 2.0 enabled.
I followed the instructions from this site: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enable-nitrotpm-support-on-ami.html
{
"Images": [
{
"Architecture": "x86_64",
"CreationDate": "2022-11-21T20:07:43.000Z",
"ImageId": "ami-05683f60db56ff1b5",
"ImageLocation": "293786889684/DebianImage",
"ImageType": "machine",
"Public": false,
"OwnerId": "293786889684",
"PlatformDetails": "Linux/UNIX",
"UsageOperation": "RunInstances",
"State": "available",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/xvda",
"Ebs": {
"DeleteOnTermination": true,
"SnapshotId": "snap-0c493ccaccd018881",
"VolumeSize": 8,
"VolumeType": "gp2",
"Encrypted": false
}
},
{
"DeviceName": "/dev/xvdf",
"Ebs": {
"DeleteOnTermination": true,
"VolumeSize": 10,
"VolumeType": "gp2",
"Encrypted": false
}
}
],
"EnaSupport": true,
"Hypervisor": "xen",
"Name": "DebianImage",
"RootDeviceName": "/dev/xvda",
"RootDeviceType": "ebs",
"SriovNetSupport": "simple",
"VirtualizationType": "hvm",
"BootMode": "uefi",
"TpmSupport": "v2.0"
}
]
}
So far it looks good, but if I try to launch an instance of this AMI, I cannot connect to the machine. If I create an instance from the management console without nitroTPM support I can connect to the machine via my Key. Also, I would like to get some measurements from the TPM, but I don't see any of the hashes in the response. I appreciate any help you can offer.
Heres my ec2 description
{
"Reservations": [
{
"Groups": [],
"Instances": [
{
"AmiLaunchIndex": 0,
"ImageId": "ami-05683f60db56ff1b5",
"InstanceId": "i-03435c99e5a3a83b5",
"InstanceType": "m6a.xlarge",
"KeyName": "OPTI_PLEX_KEY_PAIR",
"LaunchTime": "2022-11-21T20:53:29.000Z",
"Monitoring": {
"State": "disabled"
},
"Placement": {
"AvailabilityZone": "eu-central-1a",
"GroupName": "",
"Tenancy": "default"
},
"PrivateDnsName": "ip-172-31-16-168.eu-central-1.compute.internal",
"PrivateIpAddress": "172.31.16.168",
"ProductCodes": [],
"PublicDnsName": "ec2-18-159-62-7.eu-central-1.compute.amazonaws.com",
"PublicIpAddress": "18.159.62.7",
"State": {
"Code": 16,
"Name": "running"
},
"StateTransitionReason": "",
"SubnetId": "subnet-12bdf778",
"VpcId": "vpc-d90e6cb3",
"Architecture": "x86_64",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/xvda",
"Ebs": {
"AttachTime": "2022-11-21T20:53:30.000Z",
"DeleteOnTermination": true,
"Status": "attached",
"VolumeId": "vol-05814aff540510c1f"
}
},
{
"DeviceName": "/dev/xvdf",
"Ebs": {
"AttachTime": "2022-11-21T20:53:30.000Z",
"DeleteOnTermination": true,
"Status": "attached",
"VolumeId": "vol-03027ae670649544f"
}
}
],
"ClientToken": "45856522-8833-4e31-985f-f5209b014fa1",
"EbsOptimized": true,
"EnaSupport": true,
"Hypervisor": "xen",
"ElasticGpuAssociations": [],
"ElasticInferenceAcceleratorAssociations": [],
"NetworkInterfaces": [
{
"Association": {
"IpOwnerId": "amazon",
"PublicDnsName": "ec2-18-159-62-7.eu-central-1.compute.amazonaws.com",
"PublicIp": "18.159.62.7"
},
"Attachment": {
"AttachTime": "2022-11-21T20:53:29.000Z",
"AttachmentId": "eni-attach-01e82b7e623e8e9da",
"DeleteOnTermination": true,
"DeviceIndex": 0,
"Status": "attached",
"NetworkCardIndex": 0
},
"Description": "",
"Groups": [
{
"GroupName": "launch-wizard-10",
"GroupId": "sg-05676ad26b7f6ed13"
}
],
"Ipv6Addresses": [],
"MacAddress": "02:b8:28:63:4f:fc",
"NetworkInterfaceId": "eni-095492d80db0313b8",
"OwnerId": "293786889684",
"PrivateDnsName": "ip-172-31-16-168.eu-central-1.compute.internal",
"PrivateIpAddress": "172.31.16.168",
"PrivateIpAddresses": [
{
"Association": {
"IpOwnerId": "amazon",
"PublicDnsName": "ec2-18-159-62-7.eu-central-1.compute.amazonaws.com",
"PublicIp": "18.159.62.7"
},
"Primary": true,
"PrivateDnsName": "ip-172-31-16-168.eu-central-1.compute.internal",
"PrivateIpAddress": "172.31.16.168"
}
],
"SourceDestCheck": true,
"Status": "in-use",
"SubnetId": "subnet-12bdf778",
"VpcId": "vpc-d90e6cb3",
"InterfaceType": "interface",
"Ipv4Prefixes": [],
"Ipv6Prefixes": []
}
],
"RootDeviceName": "/dev/xvda",
"RootDeviceType": "ebs",
"SecurityGroups": [
{
"GroupName": "launch-wizard-10",
"GroupId": "sg-05676ad26b7f6ed13"
}
],
"SourceDestCheck": true,
"Tags": [
{
"Key": "Name",
"Value": "Ubuntu bla"
}
],
"VirtualizationType": "hvm",
"CpuOptions": {
"CoreCount": 2,
"ThreadsPerCore": 2
},
"CapacityReservationSpecification": {
"CapacityReservationPreference": "open"
},
"HibernationOptions": {
"Configured": false
},
"Licenses": [],
"MetadataOptions": {
"State": "applied",
"HttpTokens": "optional",
"HttpPutResponseHopLimit": 1,
"HttpEndpoint": "enabled",
"HttpProtocolIpv6": "disabled",
"InstanceMetadataTags": "enabled"
},
"EnclaveOptions": {
"Enabled": true
},
"BootMode": "uefi",
"PlatformDetails": "Linux/UNIX",
"UsageOperation": "RunInstances",
"UsageOperationUpdateTime": "2022-11-21T20:53:29.000Z",
"PrivateDnsNameOptions": {
"HostnameType": "ip-name",
"EnableResourceNameDnsARecord": true,
"EnableResourceNameDnsAAAARecord": false
},
"TpmSupport": "v2.0",
"MaintenanceOptions": {
"AutoRecovery": "default"
}
}
],
"OwnerId": "293786889684",
"ReservationId": "r-0089af1cf650fc657"
}
]
}
Tag
Lingua
English
posta un anno fa450 visualizzazionilg...
1 Risposta
- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
Queste risposte sono utili? Dai un voto positivo alla risposta corretta per aiutare la community a trarre vantaggio dalle tue conoscenze.
0
Hi! I've done some testing of my own to investigate the problem. It seems like there may be an issue with the register-image API in the CLI and the NitroTPM. In efforts to replicate, as well as tinker around, the instances created this way fail to pass EC2 Status Checks. When requesting screenshot of the instance (Actions -> Monitor and Troubleshooting -> Get instance screenshot), it is very evident that it did not boot properly. I have forwarded my investigation and this post to the Nitro team.
con risposta un anno falg...
Contenuto pertinente
AWS UFFICIALEAggiornata 2 anni fa- AWS UFFICIALEAggiornata 3 anni fa